An anonymous reader left a comment on my blog post about the latest batch of CISA advisories from February 13th. The reader expressed some confusion about the product nomenclature used in the advisory. Readers will be further confused because the CISA advisory referred to in the comment is actually from February 4th and was covered in a different blog post. In any case, the anonymous reader noted:
“I'm baffled by the discrepancy between the ICSA-25-035-02, about vulnerabilities in Rockwell PLCs, and the original Rockwell advisory. The ICSA mentions 1756-L3zS3, while Rockwell talks about Compact GuardLogix, which has catalog 5069 not 1756 (https://www.rockwellautomation.com/en-us/products/hardware/allen-bradley/programmable-controllers/small-controllers/compactlogix-family/compactlogix-5380-controllers.html)”
In my February 4th article on these advisories, over on CFSN Detailed Analysis (subscription required), I provided part of the answer to that confusion:
“NOTE 1: The CISA advisory reports the Allen-Bradley product names for the affected devices, the Rockwell advisory provides the Rockwell product names I used above.”
The reader went on to note:
“Rockwell itself doesn't make life any easier: while on the webpage it appears that they refer to the whole GuardLogix 5580 range, the downloadable JSON file for CVE-2025-24478 specifically mentions "GuardLogix 5580 SIL3".”
I cannot help with that issue. I am confused as well, at least now that the JSON file issue was pointed out.